McAfee UNINSTALLER 6.0 User manual

Category
Software
Type
User manual
User Guide
revision 1.0
McAfee
®
GroupShield
version 7.0
For Microsoft
®
Exchange
COPYRIGHT
Copyright © 2007 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system or translated into any language in any form or by any means
without the written permission of McAfee, Inc. or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
ACTIVE FIREWALL, ACTIVE SECURITY, ACTIVESECURITY (AND IN KATAKANA), ACTIVESHIELD, CLEAN-UP, DESIGN (STYLIZED E), DESIGN (STYLIZED N),
ENTERCEPT, EPOLICY ORCHESTRATOR, FIRST AID, FOUNDSTONE, GROUPSHIELD, GROUPSHIELD (AND IN KATAKANA), INTRUSHIELD, INTRUSION
PREVENTION THROUGH INNOVATION, MCAFEE, MCAFEE (AND IN KATAKANA), MCAFEE AND DESIGN, MCAFEE.COM, MCAFEE VIRUSSCAN, NET TOOLS,
NET TOOLS (AND IN KATAKANA), NETSCAN, NETSHIELD, NUTS & BOLTS, OIL CHANGE, PRIMESUPPORT, SPAMKILLER, THREATSCAN, TOTAL VIRUS
DEFENSE, VIREX, VIRUS FORUM, VIRUSCAN, VIRUSSCAN, VIRUSSCAN (AND IN KATAKANA), WEBSCAN, WEBSHIELD, WEBSHIELD (AND IN KATAKANA) are
registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. The color red in connection with security is distinctive of
McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE
ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD or A FILE
AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH
IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR
A FULL REFUND.
Attributions
This product includes or may include:
• Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). • Cryptographic software written by Eric A. Young and
software written by Tim J. Hudson. • Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other
similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs or portions thereof, and have access to
the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source
code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software
licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights
shall take precedence over the rights and restrictions herein. • Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer.
Software originally written by Robert Nordier, Copyright © 1996-7 Robert Nordier. • Software written by Douglas W. Sauder. Software developed by the Apache
Software Foundation (http://www.apache.org/). A copy of the license agreement for this software can be found at www.apache.org/licenses/LICENSE-2.0.txt.
• International Components for Unicode ("ICU") Copyright ©1995-2002 International Business Machines Corporation and others. • Software developed by
CrystalClear Software, Inc., Copyright ©2000 CrystalClear Software, Inc. • FEAD
®
Optimizer
®
technology, Copyright Netopsystems AG, Berlin, Germany. • Outside
In
®
Viewer Technology ©1992-2001 Stellent Chicago, Inc. and/or Outside In
®
HTML Export, © 2001 Stellent Chicago, Inc. • Software copyrighted by Thai Open
Source Software Center Ltd. and Clark Cooper, © 1998, 1999, 2000. • Software copyrighted by Expat maintainers. • Software copyrighted by The Regents of the
University of California, © 1996, 1989, 1998-2000. • Software copyrighted by Gunnar Ritter. • Software copyrighted by Sun Microsystems, Inc., 4150 Network
Circle, Santa Clara, California 95054, U.S.A., © 2003. • Software copyrighted by Gisle Aas. © 1995-2003. • Software copyrighted by Michael A. Chase, © 1999-2000.
• Software copyrighted by Neil Winton, ©1995-1996. • Software copyrighted by RSA Data Security, Inc., © 1990-1992. • Software copyrighted by Sean M. Burke,
© 1999, 2000. • Software copyrighted by Martijn Koster, © 1995. • Software copyrighted by Brad Appleton, © 1996-1999. • Software copyrighted by Michael G.
Schwern, ©2001. • Software copyrighted by Graham Barr, © 1998. • Software copyrighted by Larry Wall and Clark Cooper, © 1998-2000. • Software copyrighted
by Frodo Looijaard, © 1997. • Software copyrighted by the Python Software Foundation, Copyright © 2001, 2002, 2003. A copy of the license agreement for this
software can be found at www.python.org. • Software copyrighted by Beman Dawes, © 1994-1999, 2002. • Software written by Andrew Lumsdaine, Lie-Quan
Lee, Jeremy G. Siek © 1997-2000 University of Notre Dame. • Software copyrighted by Simone Bordet & Marco Cravero, © 2002. • Software copyrighted by
Stephen Purcell, © 2001. • Software developed by the Indiana University Extreme! Lab (http://www.extreme.indiana.edu/). • Software copyrighted by International
Business Machines Corporation and others, © 1995-2003. • Software developed by the University of California, Berkeley and its contributors. • Software developed
by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http:// www.modssl.org/). • Software copyrighted by Kevlin Henney, © 2000-2002.
• Software copyrighted by Peter Dimov and Multi Media Ltd. © 2001, 2002. • Software copyrighted by David Abrahams, © 2001, 2002. See
http://www.boost.org/libs/bind/bind.html for documentation. • Software copyrighted by Steve Cleary, Beman Dawes, Howard Hinnant & John Maddock, © 2000.
Software copyrighted by Boost.org, © 1999-2002. • Software copyrighted by Nicolai M. Josuttis, © 1999. • Software copyrighted by Jeremy Siek, © 1999-2001.
• Software copyrighted by Daryle Walker, © 2001. • Software copyrighted by Chuck Allison and Jeremy Siek, © 2001, 2002. • Software copyrighted by Samuel
Krempp, © 2001. See http://www.boost.org for updates, documentation, and revision history. • Software copyrighted by Doug Gregor (greg[email protected]), © 2001,
2002. • Software copyrighted by Cadenza New Zealand Ltd., © 2000. • Software copyrighted by Jens Maurer, ©2000, 2001. • Software copyrighted by Jaakko
Järvi ([email protected]), ©1999, 2000. • Software copyrighted by Ronald Garcia, © 2002. • Software copyrighted by David Abrahams, Jeremy Siek, and Daryle
Walker, ©1999-2001. • Software copyrighted by Stephen Cleary (shamm[email protected]), ©2000. • Software copyrighted by Housemarque Oy
<http://www.housemarque.com>, © 2001. • Software copyrighted by Paul Moore, © 1999. • Software copyrighted by Dr. John Maddock, © 1998-2002.
• Software copyrighted by Greg Colvin and Beman Dawes, © 1998, 1999. • Software copyrighted by Peter Dimov, © 2001, 2002. • Software copyrighted by
Jeremy Siek and John R. Bandela, © 2001. • Software copyrighted by Joerg Walter and Mathias Koch, © 2000-2002. • Software copyrighted by Carnegie Mellon
University © 1989, 1991, 1992. • Software copyrighted by Cambridge Broadband Ltd., © 2001-2003. • Software copyrighted by Sparta, Inc., © 2003-2004.
• Software copyrighted by Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, © 2004. • Software copyrighted by
Simon Josefsson, © 2003. • Software copyrighted by Thomas Jacob, © 2003-2004. • Software copyrighted by Advanced Software Engineering Limited, © 2004.
• Software copyrighted by Todd C. Miller, © 1998. • Software copyrighted by The Regents of the University of California, © 1990, 1993, with code derived from
software contributed to Berkeley by Chris Torek.
Issued September 2007 / GroupShield
software version 7.0
DBN-001-EN
3
Contents
1 Introduction 7
About GroupShield for Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
What is GroupShield? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
How does GroupShield work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
How GroupShield protects Exchange? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
How does scanning work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Other areas to protect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
GroupShield Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
What is New? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Features not supported . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Using this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Getting product information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Standard documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Contact information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2 Pre-Installation 21
Pre-Installation scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Types of installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3 Installing the Software 25
Accessing the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
What is included with the software? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Installing GroupShield for Microsoft
®
Exchange Server 2003/2007 . . . . . . . . . . . 26
Installing additional components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Buffer Overflow Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Installing McAfee Anti-Spam for GroupShield . . . . . . . . . . . . . . . . . . . . . . . . 31
Silent installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Configuring GroupShield in a cluster environment . . . . . . . . . . . . . . . . . . . . . . . . 33
Upgrading GroupShield from v6.0.2 or higher . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4 Post-Installation Tasks and Maintenance 39
Testing your GroupShield installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Testing the anti-virus component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Testing the McAfee Anti-Spam component . . . . . . . . . . . . . . . . . . . . . . . . . . 40
4
McAfee
®
GroupShield
7.0 User Guide Contents
Testing GroupShield installation using McAfee Virtual Technician . . . . . . . . . 40
Quarantining using McAfee Quarantine Manager 4.1 . . . . . . . . . . . . . . . . . . . . . 41
Upgrading Blacklists and Whitelists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Maintaining your GroupShield application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Modifying the GroupShield installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Repairing the GroupShield installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Restoring original out-of-box configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Uninstalling GroupShield for Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
5 Integrating with ePolicy Orchestrator 3.6 47
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Pre-requisites for using ePolicy Orchestrator 3.6 . . . . . . . . . . . . . . . . . . . . . . 47
Introducing ePolicy Orchestrator console . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Upgrading from GroupShield for Exchange version 6.0.x NAP settings . . . . . 52
Configuring GroupShield Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Managing Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configuring reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
6 Integrating with ePolicy Orchestrator 4.0 63
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Pre-requisites for installing ePolicy Orchestrator 4.0 . . . . . . . . . . . . . . . . . . . 63
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
ePolicy Orchestrator agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Checking-in the McAfee GroupShield for Microsoft Exchange Server 2003/2007
package to the ePolicy Orchestrator server . . . . . . . . . . . . . . . . . . . . . . . . 65
Installing GroupShield for Exchange on the client computer . . . . . . . . . . . . . 66
Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Introducing ePolicy Orchestrator 4.0 Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . 68
Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Client tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
7 Integrating with ProtectionPilot 1.5 77
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Pre-requisites for using ProtectionPilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Introducing ProtectionPilot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Before you begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Configuring GroupShield policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Setting and enforcing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
5
McAfee
®
GroupShield
7.0 User Guide Contents
Creating a new on-demand scan task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Creating a new AutoUpdate task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
8 Getting Started with the User Interface 87
Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Statistics & information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
On-demand scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Status report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Graphical reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
9 Detected Items 97
Spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Phish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Potentially unwanted programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Unwanted content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Banned file types/messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
All items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .101
10 Policy Manager 105
Policy manager views . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Inheritance view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Advanced view . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Creating a subpolicy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Policy settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
List all scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
View settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Specify users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Scanners and filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Core scanners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114
Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Shared resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Scanners and alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Filter rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
Time slots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
11 Settings & Diagnostics 163
On-access settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Anti spam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Detected items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
McAfee Quarantine Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Local database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
User interface preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Dashboard settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Graph and chart settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
6
McAfee
®
GroupShield
7.0 User Guide Contents
Diagnostics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Debug logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
Error reporting service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Event logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Product log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Product log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
DAT settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Import and export configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Index 177
7
1
Introduction
About GroupShield for Exchange
This section introduces McAfee
®
GroupShield
7.0 and describes how it protects your
Microsoft
®
Exchange Server 2003 and Microsoft
®
Exchange Server 2007 from
potentially harmful, unwanted, and undesirable content.
Topics covered are:
What is GroupShield?
How does GroupShield work?
How GroupShield protects Exchange?
Where GroupShield sits on your network?
Other areas to protect
GroupShield Features
What is New?
Features not supported
What is GroupShield?
McAfee
®
GroupShield
7.0 software protects Microsoft
®
Exchange Server 2003 and
Microsoft
®
Exchange Server 2007 from virus, phish, spam, unwanted content,
potentially unwanted programs, and banned file types/messages. It also supports
content filtering within the email messages.
How does GroupShield work?
The GroupShield software integrates with Microsoft
®
Exchange Server 2003/2007 to
scan email messages for detections.
8
McAfee
®
GroupShield
7.0 User Guide Introduction
About GroupShield for Exchange
1
Each time, an email message is sent to or received from a source, GroupShield scans
it comparing it with a list of known viruses and suspected virus-like behavior.
GroupShield can also scan for content within the email message using rules and
policies defined within the GroupShield software.
How GroupShield protects Exchange?
GroupShield uses McAfee
®
Transport Scanner and Microsoft
®
Virus Scanning API
(VSAPI) to scan all email messages.
The anti-spam, anti-virus, and the content management engine scan the messages and
provide the result to GroupShield 7.0 before being written to the file system or being
read by the Microsoft
®
Exchange 2003/2007 users.
The anti-virus scanning engine and the anti-spam scanning engine compare the email
message with all the known signatures stored within the currently installed virus
definition (
DAT) files and anti-spam rules. The anti-virus engine also checks the message
using the selected heuristic detection methods.
The content management engine searches the email message for banned content as
specified in the content management policies running within the GroupShield
software.
If there are no viruses, banned/unwanted content in the email message, GroupShield
passes the information back to Microsoft
®
Exchange 2003/2007.
In case of a detection, GroupShield takes actions that are defined within its
configuration settings.
Email server protection — McAfee GroupShield
McAfee GroupShield 7.0 integrates with Microsoft
®
Exchange Server 2003/2007 to
protect against viruses that may be transmitted using your corporate email system.
Due to the close integration between your email server and GroupShield anti-virus
solution, GroupShield can do more than just protecting your email server from viruses.
It can:
Note
For Microsoft
®
Exchange Server 2003 (used as a Bridgehead Server) and Microsoft
®
Exchange Server 2007 (with Edge Transport or Hub Transport-only role), GroupShield
uses McAfee
®
Transport Scanner (and not Microsoft
®
Transport Scanner) to protect the
server. However, for Exchange Server 2003 Mailbox Server and Exchange 2007
MailBox Role, GroupShield provides additional scanning option using Microsoft VSAPI.
Note
The default actions may differ, depending on the installed version of Microsoft
®
Exchange and, where applicable, the chosen scanning method.
9
McAfee
®
GroupShield
7.0 User Guide Introduction
About GroupShield for Exchange
1
protect the email server from harmful scripts sent within the email system.
block messages with specific attachments.
block messages based on words that appear either within the subject line/body of
the message.
block messages from specific addresses.
How does scanning work?
Central to your GroupShield software is the McAfee
®
Security scanning engine and the
virus definition (DAT) files. The engine is a complex data analyzer. The DAT files contain
a great deal of information including thousands of different drivers, each of which
contains detailed instructions on how to identify a virus or a type of virus.
The McAfee
®
Security scanning engine works with the DAT files. It identifies the type
of the item being scanned and decodes the contents of that object, so that it
understands what the item is. It then uses the information in the DAT files to search
and locate known viruses. Many viruses have a distinctive signature. There is a
sequence of characters unique to a virus and the engine searches for that signature.
The engine uses a technique called heuristic analysis to search for unknown viruses.
This involves analysis of the object’s program code and searching for distinctive
features typically found in viruses.
Once the engine has confirmed the identity of a virus, it cleans the object as far as
possible. For example, by removing an infected macro from the attachment in which it
is found or by deleting the virus code in an executable file. In some instances, if the
virus has destroyed data, the file cannot be fixed and the engine must make the file
safe so that it cannot be activated and infect other files.
Other areas to protect
The following key areas of your network can be protected by McAfee
®
Security
products as a part of your integrated virus defense solution:
Internet gateway protection — Secure Content Management Appliances
The major source of threats to your corporate network comes from Internet traffic,
either through email or by connecting to websites that might contain potentially
harmful code. Secure Content Management Appliances protects the gateway
between your internal networks and the Internet. It prevents infected items from
entering your network through the Internet by scanning all inbound and outbound
traffic between your network and the Internet.
10
McAfee
®
GroupShield
7.0 User Guide Introduction
About GroupShield for Exchange
1
Document repository protection — McAfee PortalShield
Using computers within corporate environment has made it easy to create
documents that might contain mission-critical information. Several software
vendors produce portal servers to store, index and control your critical documents
in a way that enables them to be easily located when needed. Because these portal
servers are set up to store your critical information, it is important that this
information is also protected. McAfee
®
PortalShield
integrates with the stores of
these products to provide scanning of such documents each time they are accessed
from, or saved to the store.
Desktop and file server protection — McAfee VirusScan Enterprise
Not all viruses are transmitted via email. Many can be spread by reading from
physical media, such as diskettes or CDs. Others can spread by using network
shares to copy themselves from one computer to another across your network.
From the viewpoint of somebody trying to attack your corporate network, your file
servers are a good target because many other computers connect to the file
servers. Infecting the file server is more likely to have serious consequences than
infecting a single desktop computer.
The McAfee
®
VirusScan products protect desktop computers and file servers within
your network. As part of your integrated response to virus threats, VirusScan can be
viewed as your last line of defense, protecting each desktop computer and file
server from viruses that might spread using network shares or physical media.
VirusScan is available in versions to protect Microsoft
®
Windows, Unix, Apple
Macintosh computers, as well as all the leading wireless devices that might connect
to your PCs and network.
Management solution — McAfee
®
ePolicy Orchestrator
With ePolicy Orchestrator, you can manage and update all your McAfee anti-virus
solutions across your network from a single point, ensuring that the engines and the
virus definition (DAT) files are up-to-date and that the suitable policies are in place
to deal with any attacks to your network.
11
McAfee
®
GroupShield
7.0 User Guide Introduction
GroupShield Features
1
GroupShield Features
GroupShield includes these major features on Exchange Server 2003 and 2007:
Anti-virus scanning — GroupShield provides the ability to scan for viruses contained
in email messages that are transmitted over Microsoft
®
Exchange SMTP or held
within the Microsoft
®
Exchange Server store.
Anti-spam scanning — Spam is increasingly becoming an issue within the
workplace. Spam consumes system resources by taking up bandwidth and storage
within your corporate systems and distracts staff from their key job functions
because they have to deal with the unwanted email within their mailboxes.
GroupShield helps you save bandwidth and the storage required by your Microsoft
®
Exchange servers by assigning spam scores to each email messages while
scanning them and by taking the configured action on those messages.
Anti-phishing — GroupShield is capable of detecting email messages containing
phish that fraudulently tries to obtain personal information. Typically such email
messages request the recipients to click on a link in the email to verify or update
contact details, credit card details or other personal information.
Content filtering — GroupShield provides the ability to scan for content/text in an:
email message subject line
email message body
email attachment
File filtering — GroupShield scans an email attachment depending on the file name,
file type, and the file size of that attachment.
Enterprise rollout, administration, updating and reporting using McAfee
®
ePolicy
Orchestrator and McAfee
®
ProtectionPilot — GroupShield integrates with McAfee
®
ePolicy Orchestrator and McAfee
®
ProtectionPilot to provide a centralized method
for rolling out, administering and updating the GroupShield software across your
Microsoft
®
Exchange system. The ability to centrally manage an organization-wide
implementation of the GroupShield software reduces the time required to
administer and update the system.
12
McAfee
®
GroupShield
7.0 User Guide Introduction
GroupShield Features
1
What is New?
New Web Based User Interface GroupShield for Exchange provides a user
friendly web-based interface based on DHTML. To access this, click
Start | Programs
|
McAfee | GroupShield for Exchange | GroupShield for Exchange (Web).
Policy Management The Policy Manager menu option lists different policies that
you can set up/manage in GroupShield. You can specify various policies/actions that
determine how different types of threats are treated when detected. For detailed
information on the policy management, refer to the chapter Policy Manager on
page 105.
Anti-Phishing Capability GroupShield for Exchange is capable of detecting email
messages containing phish that fraudulently tries to obtain personal information.
Capability to detect Packers and Potentially Unwanted Programs GroupShield for
Exchange is capable of detecting packers that compresses and encrypts the original
code of an executable file.
It also detects Potentially Unwanted Programs that are software programs written
by legitimate companies which may alter the security state or the privacy posture
of a computer on which they are installed.
Enhanced Anti-Spam Capability GroupShield for Exchange is capable of detecting
spam or unsolicited bulk email messages sent to multiple recipients, who did not
ask to receive it. It assigns a “spam score” to every email message. You can then
choose to block those messages if they are above a certain score.
Enhanced Background Scanning options For Exchange Server 2007, GroupShield
provides enhanced background scanning options. During this type of scanning, not
all the email messages are scanned when accessed. This reduces the workload of
the scanner. For more information, refer to the sub topic For Exchange Server 2007
on page 165.
Centralized Scanner, Filter Rules and Enhanced Alert Settings Using Scanners,
you can configure the scanner-related settings that a policy can apply when
scanning items.
In File Filtering Rules, you can set up rules that apply to file name, file type, and file
size. You can use the alert editor to customize the text of an alert message using
the Style, Font, Size, and Token menus.
Time based scanning and actions GroupShield for Exchange enables scanning
emails at convenient times or at regular intervals. You can schedule regular scan
operations when the server activities are comparatively low and when they do not
interfere with your work.
Content Scanning and True Type File Filtering of Microsoft® Office 2007 file
formats
13
McAfee
®
GroupShield
7.0 User Guide Introduction
GroupShield Features
1
Filter for Password Protected ZIP Files For more information about this filter,
refer to Password-protected files on page 140.
Filter for Protected Content (Password protected Microsoft
®
Office files) For
more information about this filter, refer to Protected content on page 137.
Support for N+1 cluster — For more information, refer to Single Copy Cluster (SCC,
N+1 cluster configuration) on Exchange Server 2003 and 2007 on page 34.
Enhanced MIME Scanning MIME (Multipurpose Internet Mail Extensions) is a
communications standard that enables the transfer of non-ASCII formats over
protocols (like SMTP) that supports only 7-bit ASCII characters. GroupShield enables
you to specify how such MIME messages are handled.
Buffer Overflow protection using VirusScan Enterprise version 8.5i A buffer
overflow is an anomalous condition where a process attempts to store data beyond
the boundaries of a fixed-length buffer. This results in extra data, overwriting the
adjacent memory locations. Enabling Buffer Overflow Protection prevents this
condition. GroupShield has the provision of buffer overflow protection. For more
information, refer to Buffer Overflow Protection on page 30.
Enhanced Quarantine Management
Local Quarantine Management Detected Items can be quarantined. You can
specify the local database to be used as a repository for quarantining email
messages. You can also configure maintenance settings for the local quarantine
database.
Quarantining using McAfee Quarantine Manager version 4.1 or 4.1.1 — You can
specify McAfee Quarantine Manager in a different server as a repository for
quarantining infected email messages. This keeps your Exchange Server safe
from viruses.
Integration with:
McAfee ePolicy Orchestrator version 3.6 and 4.0 to provide a single point of
control for your McAfee anti-virus products, to manage anti-virus policies and
view reports of anti-virus events and virus activity in an enterprise environment.
For more information, refer to the chapters Integrating with ePolicy Orchestrator
3.6 on page 47 and Integrating with ePolicy Orchestrator 4.0 on page 63.
Note
Buffer over flow protection is available only on 32 -bit platforms (and not on 64-bit
platforms) with Exchange Server 2003.
14
McAfee
®
GroupShield
7.0 User Guide Introduction
GroupShield Features
1
McAfee ProtectionPilot version 1.5 and above to provide security
management that simplifies anti-virus management tasks for network
administrators who manage up to 500 computers. Management consists of
deploying (sending and installing) anti-virus products, configuring product
settings, and keeping those products up-to-date. For more information, refer to
the chapter Integrating with ProtectionPilot 1.5 on page 77.
Anti-virus Engine 5200 to provide improved and latest detections like Packers
and Potentially Unwanted Programs, improved emulator with agile methodology.
Co-existence with:
McAfee VirusScan Enterprise v 8.0 and above.
McAfee Host Intrusion Prevention Agent.
Auto-update of Virus Definitions (V2API DATs), ExtraDATs, Anti-Virus engine, Spam
engine and Spam rules McAfee Security regularly provides updated Virus
Definition (DAT) files and virus-scanning engine, spam engine and rules to detect
and clean the latest threats.
Product Update using SuperDAT v 2.2 executable GroupShield helps you keep
your server free from viruses, Trojans, spams, phish, PUPs by regularly updating the
product using SuperDAT executable.
In-product Reports GroupShield generates status reports and graphical reports to
view information about the detected items.
Anti-Virus Stamping mechanism on a Microsoft® Exchange Server 2007 with Edge
or Hub server role — McAfee
®
Transport Scanner assigns a stamp to the header of
an email message after scanning. This prevents the message from being
re-scanned by VSAPI.
Direction Based Scanning GroupShield supports direction-based scanning. It
scans inbound, outbound, and internal email messages using McAfee
®
Transport
Scanner.
User and Server level blacklist and whitelist using McAfee Quarantine Manager
version 4.1 — For more information, refer to Upgrading Blacklists and Whitelists on
page 42.
Integration with SuperDAT Manager version 2.2 SuperDAT Manager 2.2
supports updating of the DAT and Engine for the GroupShield software.
Note
GroupShield uses new version of anti-virus DATs and engine (V2API). This provides
improved detections of the latest viruses and threats.
15
McAfee
®
GroupShield
7.0 User Guide Introduction
GroupShield Features
1
Integration with McAfee Common Management Agent (CMA) version 3.6 and
above You can use the CMA component to manage GroupShield and perform
product updates, scheduled tasks, and events reporting as a part of the core
installation.
Features not supported
Integration with black and whitelist server application installed along with
GroupShield for Exchange version 6.x.
Integration with Outbreak Manager (OBM).
Integration with Alert Manager (AM).
Integration with ProtectionPilot 1.1.
Integration with ePolicy Orchestrator 3.5.x.
Integration with Exchange Server 2000.
Integration with Common Management Agent 3.5.x.
Integration with McAfee AutoUpdate Architect 1.x.
16
McAfee
®
GroupShield
7.0 User Guide Introduction
Using this Guide
1
Using this Guide
This guide describes the sequential process of installing McAfee GroupShield
7.0 for
Microsoft
®
Exchange 2003 and 2007. It also gives a detailed description of the software
usage. Topics covered are:
Pre-Installation Pre-installation scenarios and system requirements.
Installing the Software Accessing and installing GroupShield.
Post-Installation Tasks and Maintenance Testing the GroupShield installation,
anti-virus component, anti-spam component and testing using the McAfee Virtual
Technician. Quarantining using McAfee Quarantine Manager, modifying, repairing,
restoring and uninstalling the software.
Integrating with ePolicy Orchestrator 3.6 Testing the GroupShield integration
with ePolicy Orchestrator version 3.6.
Integrating with ePolicy Orchestrator 4.0 Testing the GroupShield integration
with ePolicy Orchestrator version 4.0.
Integrating with ProtectionPilot 1.5 Testing the GroupShield integration with
ProtectionPilot.
Getting Started with the User Interface Using GroupShield for Microsoft
®
Exchange Server 2003/2007, getting detailed information about the dashboard,
detected items, policy manager and settings & diagnostics.
Audience
This information is intended for network administrators who are responsible for their
company’s anti-virus and security program.
17
McAfee
®
GroupShield
7.0 User Guide Introduction
Using this Guide
1
Conventions
This guide uses the following conventions:
Bold
Condensed
All words from the interface, including options, menus, buttons, and dialog
box names.
Example:
Type the
User name and Password of the appropriate account.
Courier The path of a folder or program; text that represents something the user
types exactly (for example, a command at the system prompt).
Examples:
The default location for the program is:
C:\Program Files\McAfee\EPO\3.6.0
Run this command on the client computer:
scan --help
Italic For emphasis or when introducing a new term; for names of product
documentation and topics (headings) within the material.
Example:
Refer to the VirusScan Enterprise Product Guide for more information.
Blue A web address (
URL) and/or a live link.
Example:
Visit the McAfee web site at:
http://www.mcafee.com
<TERM> Angle brackets enclose a generic term.
Example:
In the console tree, right-click <
SERVER>.
Note
Note: Supplemental information; for example, another method of
executing the same command.
Tip
Tip: Suggestions for best practices and recommendations from McAfee for
threat prevention, performance and efficiency.
Caution
Caution: Important advice to protect your computer system, enterprise,
software installation or data.
Warning
Warning: Important advice to protect a user from bodily harm when using
a hardware product.
18
McAfee
®
GroupShield
7.0 User Guide Introduction
Getting product information
1
Getting product information
Unless otherwise noted, product documentation comes as Adobe Acrobat .PDF files,
available on the product CD or from the McAfee download site.
Standard documentation
User Guide System requirements and instructions for installing and starting the
software. Getting started with the product and its features, detailed instructions for
configuring the software, information on deployment, recurring tasks, and operating
procedures.
Help High-level and detailed information accessed from the software application:
Help menu and/or Help button for page-level help; right-click option for What’s This?
help.
Release Notes ReadMe. Product information, resolved issues, any known issues,
and last-minute additions or changes to the product or its documentation.
19
McAfee
®
GroupShield
7.0 User Guide Introduction
Contact information
1
Contact information
Threat Center: McAfee Avert
®
Labs http://www.mcafee.com/us/threat_center/default.asp
Avert Labs Threat Library
http://vil.nai.com
Avert Labs WebImmune & Submit a Sample (Logon credentials required)
https://www.webimmune.net/default.asp
Avert Labs DAT Notification Service
http://vil.nai.com/vil/signup_DAT_notification.aspx
Download Site http://www.mcafee.com/us/downloads/
Product Upgrades (Valid grant number required)
Security Updates (DATs, engine)
HotFix and Patch Releases
For Security Vulnerabilities (Available to the public)
For Products (ServicePortal account and valid grant number required)
Product Evaluation
McAfee Beta Program
Technical Support http://www.mcafee.com/us/support/
KnowledgeBase Search
http://knowledge.mcafee.com/
McAfee Technical Support ServicePortal (Logon credentials required)
https://mysupport.mcafee.com/eservice_enu/start.swe
Customer Service
Web
http://www.mcafee.com/us/support/index.html
http://www.mcafee.com/us/about/contact/index.html
Phone
US, Canada, and Latin America toll-free:
+1-888-VIRUS NO or +1-888-847-8766 Monday – Friday, 8 a.m. – 8 p.m., Central Time
Professional Services
Enterprise: http://www.mcafee.com/us/enterprise/services/index.html
Small and Medium Business: http://www.mcafee.com/us/smb/services/index.html
20
McAfee
®
GroupShield
7.0 User Guide Introduction
Contact information
1
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180

McAfee UNINSTALLER 6.0 User manual

Category
Software
Type
User manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI